Good evening everyone,

I’ve been trying to configure Observium with a forms based SSO solution.

My reasoning for this is that I’d like to minimize the attack surface for Observium when published to the Internet.

As Observium supports groups, I thought it would be extremely beneficial for clients to view their throughput at any time from anywhere.

I was curious if anyone in the community is using pre-authentication, or if you’re publishing Observium directly to the Internet.

I’m not as familiar with Apache and PHP, so hardening the service through pre-auth seemed like a good first step.

Unfortunately, I can’t quite get pre-auth to work. Observium uses forms based authentication, which is hard to capture on the platform I’m using.

Here’s a link, if you’re curious about how I’m trying to capture it:

http://fritsesblog.blogspot.com/2015/04/link-to-netscaler-form-sso-kb.html

If I could get Observium to use basic authentication, I think I could get it to work. Do we know if this is possible? A better question: is pre-auth even necessary here?

Aside from HTTPS, iptables, firewalling, and locking down SSH/root, what other steps do you take to secure your Observium server? Do you think that allowing Internet access is unwise at this time?

Thank you for any input or insight into this. This is a concern of mine that I’m trying to address.

Your suggestions and opinions are very much appreciated.

Regards,

- NM
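As an added example, not part of the original post and not Observium's own documentation: an Apache virtual host that puts HTTP Basic authentication over TLS in front of Observium, which is the pre-authentication layer the post is asking about. The hostname, certificate paths, credential file and install path are assumed placeholders; adjust them to the installation at hand.

```apache
# Added example (not from the original post): Apache vhost that fronts
# Observium with TLS plus HTTP Basic auth as a pre-authentication layer.
# Assumptions: Observium lives in /opt/observium/html, the public name is
# observium.example.com, and the certificate/key paths are placeholders.

<VirtualHost *:80>
    ServerName observium.example.com
    # Never serve the login form or Basic-auth credentials over plain HTTP.
    Redirect permanent / https://observium.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName observium.example.com
    DocumentRoot /opt/observium/html

    # TLS (mod_ssl). Disable the legacy protocol versions outright.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/observium.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/observium.example.com.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # HSTS (mod_headers) so browsers refuse to downgrade to HTTP later.
    Header always set Strict-Transport-Security "max-age=31536000"

    <Directory /opt/observium/html>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # Pre-authentication: every request under / must present a valid
    # Basic-auth credential before PHP ever runs. The credential file sits
    # outside the web root; create it with bcrypt hashes, for example:
    #   htpasswd -B -c /etc/apache2/observium.htpasswd nm
    <Location />
        AuthType Basic
        AuthName "Observium"
        AuthUserFile /etc/apache2/observium.htpasswd
        Require valid-user
    </Location>

    ErrorLog  ${APACHE_LOG_DIR}/observium-error.log
    CustomLog ${APACHE_LOG_DIR}/observium-access.log combined
</VirtualHost>
```

This needs mod_ssl, mod_headers and mod_auth_basic enabled. As written, the Basic-auth prompt sits in front of Observium's own forms login, so users authenticate twice, which is what a pre-auth gateway such as the NetScaler setup in the post would also produce. Whether Observium can instead consume the authenticated username Apache exposes in REMOTE_USER (so that the second login disappears) depends on the authentication mechanisms the installed Observium version supports; that is an assumption to confirm against its configuration documentation rather than something this example establishes.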